The Information Commissioner’s Office (ICO) has revealed that NHS Birmingham East and North breached the Data Protection Act by failing to have the security measures in place to restrict access to confidential files on its IT network.

Electronic files containing personal information relating to thousands of individuals, including NHS employees, were at risk of being accessed by some of the Trust’s staff, as well as by staff at two other nearby Trusts.

While health records were not compromised, some files also contained high-level information about patients.

Following an investigation, the ICO found that some security restrictions were in place, and that most files were not easily accessible, but concluded that file security in general was inadequate.

Sally-Anne Poole, acting head of enforcement, said: "It’s vitally important that IT networks storing personal information have robust security measures in place.

"Whilst nobody outside of the Trust environment was able to access the files, problems with the security of the network still led to a situation where sensitive information was potentially available to NHS staff that did not need it to carry out their daily role."

The Trust has since signed an undertaking to ensure that comprehensive policies about the storage and use of personal data are put in place, and that proper technical security measures are implemented to prevent unauthorised access to personal data in the future.
